[Openswan Users] iptables settings

Richard Abbuhl rabbuhl at VoCognition.com
Fri Jul 30 22:26:30 CEST 2004


Hi,
 
With Fedora Core 1 and freeswan, the following iptables rule was sufficient for my internet connection to function properly.
 
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

With Fedora Core 2 and openswan, it seems that the above rule is not sufficient. I also need all of these rules (*):
 
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
$IPTABLES -t nat -I POSTROUTING -o $EXTIF -p esp -j ACCEPT
$IPTABLES -t nat -I POSTROUTING -o $EXTIF -p ah -j ACCEPT
 
However, I still have a problem using Remote Desktop Connection and have tried these rules:
 
# I saw this rule like this in the openswan documentation.
# $IPTABLES -t nat -A POSTROUTING -o $EXTIF -s 172.xx.x.x/16 -d ! 192.xxx.x.x/24 -j MASQUERADE

# This was a guess.
# $IPTABLES -t nat -I POSTROUTING -o $EXTIF -p tcp --dport 3389 -j ACCEPT

# I thought this might open the RDC ports.
# $IPTABLES -A INPUT  -p tcp --sport 3389 --dport 3389 -j ACCEPT
# $IPTABLES -A OUTPUT -p tcp --sport 3389 --dport 3389 -j ACCEPT
 
It seems that no matter what, I need these rules (*) for my internet connection to function properly. What additional rules are needed for my VPN connection to function properly with Remote Desktop Connection?

Regards,

Richard.